Facebook is expected to receive Britain’s maximum possible fine for allowing Cambridge Analytica to improperly access user data, its first penalty related to the leak of millions of users’ personal information.

The U.K.’s Information Commissioner’s Office, an independent data watchdog, intends to slap Facebook with a 500,000-pound fine, or about $660,000, for two breaches of the country’s Data Protection Act. The agency said Tuesday that the social media giant “contravened the law by failing to safeguard people’s information. It also found that the company failed to be transparent about how people’s data was harvested by others.”

“New technologies that use data analytics to micro-target people give campaign groups the ability to connect with individual voters. But this cannot be at the expense of transparency, fairness and compliance with the law,” ICO’s information commissioner, Elizabeth Denham, said in a statement. “Fines and prosecutions punish the bad actors, but my real goal is to effect change and restore trust and confidence in our democratic system.”

Facebook came under fire earlier this year after media outlets reported that Cambridge Analytica, a data firm based in London, had secretly harvested user data that it then used to try and manipulate public opinion. The firm had links to Donald Trump’s presidential campaign in 2016 and had been under investigation by ICO since May 2017.

“As we have said before, we should have done more to investigate claims about Cambridge Analytica and take action in 2015,” Erin Egan, Facebook’s chief privacy officer, said in a statement sent to HuffPost. “We have been working closely with the ICO in their investigation of Cambridge Analytica, just as we have with authorities in the US and other countries. We’re reviewing the report and will respond to the ICO soon.”